#!/usr/bin/perl -wT
use CGI qw(:standard);
#use DBI;
use strict;
use lib '.';
use users;

print header;
print start_html("Password Change Results");


my $oldpass = param('oldpass');
my $newpass1 = param('newpass1');
my $newpass2 = param('newpass2');

my ($username,$level) = &validate;

my ($cuser,$epass,$email,$level,$active,$gamename) = checkuser($username);
if (! defined $cuser )
{
    &dienice("Can't find your username!?");
}

# now encrypt the old password and see if it matches what's in the database
if ($epass ne crypt($oldpass,substr($epass,0,2)) ) 
{
   &dienice(qq(Your old password is incorrect. If you can't remember it, please use the <a href="../forgotpass.html">reset password</a> form instead.));
}

# a little redundant error checking to be sure they typed the same
# new password twice:
if ($newpass1 ne $newpass2) 
{
   &dienice("You didn't type the same thing for both new password fields. Please check it and try again.");
}

# ok, everything checks out. Now we encrypt the new one:
my $encpass = &encrypt($newpass1);

# now store it in the database...
update_user($cuser,$encpass,$email,$level,$active,$gamename);

# Finally we print out a thank-you page telling the user what
# we've done.

print qq(<h2>Success!</h2>
<p>Your password has been changed!  Your new password is <b>$newpass1</b>.<p><br>
<a href="menu.cgi/">Click Here</a> to return to the menu</p>\n);
print end_html;

sub encrypt 
{
    my($plain) = @_;
    my(@salt) = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
    return crypt($plain, $salt[int(rand(@salt))] . $salt[int(rand(@salt))]);
}
	

